Distributed File Server


Uploaded by itfreetraining on 04.09.2011

Transcript:
In this section I will look a configuring the distributed file system or DFS. DFS provides
a way to manage your file shares in your enterprise to make it easier for your end users to find
data. In this video I will first look at what is
DFS. DFS was first introduced in windows Server 2000 and since then Microsoft has continue
to make improvements. Next I will look at how to install DFS. If you are using Windows
Server 2008, there are some additional features you may want to look at.
Next I will look at the options you can configure in DFS. Depending on how large your DFS infrastructure
is you may need to do some fine tuning. Lastly I will look at how to configure DFS. Using
DFS correctly in your organization can help organize your file shares making it easier
for your end users to find information. In a large organization there can be 100’s
of file shares spread out over many different servers over many different sites. This can
make it very difficult for users to find the data that they are after and often means mapping
a large amount of network drives. Distributed file system or DFS, allows a user to access
many different file shares using the same namespace.
Consider this, you have two servers located on different sides of the world that a user
needs to access. Normally the user would need to map 2 different network drives to these
severs. With DFS, you can create one DFS root which can access both shares.
When the users access the DFS root and attempts to access one of the folders. The user is
redirected to the server that contains the file share. The end user does not need to
know the name of the file share or which server it is located on.
DFS also allows you to create replicates though out the network and keeps them up to date.
In any organization unfortunately you are going to have duplication of data. End users
are going to keep copies of the same data on their local server that is already on anther
server. Imagine a system that allows the end user
to keep a copy of the same data on every server and changes to that data are automatically
replicated to every other server on the network. This is essentially what DFS does.
Given this example you could create a replicate of the two shares on the other servers. When
a user attempts to access DFS, the user will automatically be taken to the closest server
with a copy of that share on it. This also allows you to create redundancy on your network.
All the user sees is a single share which can connected them to an unlimited number
of shares on the network completely transparently. To install the distributed file system, run
server manager and then select the option roles and then select add roles. Once you
are past the welcome screen you need to select the role file services.
Once I press next and skip the file services welcome screen, I need to add the distributed
file services component. When installing DFS, the two components of the DFS system are DFS
namespace and DFS replication. DFS name space is basically the heart of the DFS file system.
It is what allows you to create the DFS name space which can be mapped to by the end-users.
The DFS replication component allows you to replicate data files across the network. Generally
in most scenarios you will want to leave both these components selected. The installation
wizard now gives you the option to create a DFS namespace. If you wish you can create
a DFS name space later on by selecting the second option.
In this case I will create a new namespace called general. Once I have enter the name
and moved on in the wizard, I will get the option to select a domain name based namespace
or a standalone namespace. A stand alone namespace is created on the server that you are hosting
DFS on. If I created a stand along name space in this
example, the end user would access it by mapping a drive to FS3. The disadvantage of this is
if FS3 was not available the user could not access the DFS namespace, even if the DFS
name space was directing the user to a file share on anther file server.
With a standalone namespace you can host the namespace on a failover cluster. This will
give you some redundancy when using a standalone name space. If I select the default, domain
name based namespace, the DFS namespace will be stored in active directory.
This gives you a lot more redundancy as all domain controllers on your network will have
a copy of your DFS namespace. Notice the option enable Windows server 2008 mode. This is currently
grayed out. In order to use Windows server 2008 mode, a number of prerequisites have
to be met. First of all first of all, your domain function
level must be set to at least windows server 2008 and your forest function level must be
set to at least Windows server 2003. To find out what function level your domain is, from
administrator tools under the start menu, run active directory domains and trusts and
then right-click and select raise domain functional level.
Currently you can see my function level is Windows server 2003. In order to use the additional
features of Windows server 2008 DFS, I need to change my domain function level to Windows
server 2008. To upgrade the domain functional level is
a simple matter of pressing raise. Take note that once you press raise and then press ok
this change is irreversible. In order to make this change, all your domain controllers in
your domain must be running Windows server 2008.
You will also need to check your forest level. To do this, right click on active directory
domains and trusts and select raise forest functional level. Currently this forest is
set to windows server 2003. To enable windows server 2008 mode for DFS,
you only require window Server 2003 forest level. If you forest level is set to windows
server 2000, you will need to raise the forest level to at least windows server 2003.
Remember your forest must meet the requirements and if you raise your forest level, this process
is a one way process and is irreversible. In this case my forest functional level is
high enough, so I will close active directory domain and trusts and go back to the server
manager. In this case I will create a domain-based namespace which will be accessible to the
user by mapping a drive to, double back slash test dot local slash general.
Once I press next, I will be asked which domain admin account I wish to use to create the
DFS name space. If you are creating a standalone namespace, you only require local administrator
rights to the server that you are creating the name space on. Since this is a domain
name space, I need to specify a user account with domain administrator access.
Once I have entered a username and password for a user with domain administrator access
I can press the next button and move on to configuring the namespace. At the moment there
is nothing in the namespace. To make it more useful, I will press the add button to add
a share to the namespace. Your will notice that if I enter in the sever
app two and press the button show shared folders. I can see a list of all the shared folders
on the server. The share that I want to add to my DFS namespace is the share software
installs. On different servers in the organization, this folder has been called different names.
This is where the real power of DFS comes into play. Before I add this share to the
DFS name space, I can change software installs to simply software. Now when I press ok, the
software install share will be added to the DFS namespace and appear as software. If I
press next and then press install, DFS will now be installed on my server.
The install is quite simple and only takes a minute or so. Once complete this server
will be able to either host or create new DFS namespaces. Now that DFS is installed,
let’s review windows server 2008 mode. To enable windows server 2008 on your name
space, all your name space must be running windows server 2008. Your forest function
level must be windows server 2003 or higher. Finally your domain function level must be
windows server 2008 or higher. If your network has all this in place your can set up windows
server 2008 mode DFS name spaces. These name spaces will be able to support
access based enumeration. This means that if a user does not have access to a shared
folder, the folder will not appear to the user.
Windows server 2008 mode also offers improvements in scalability. With windows server 2008 your
DFS namespace can support more than 5000 targets. Most networks will not have DFS name spaces
with more than 5000 targets. However if your name space does start getting larger there
is a scalability option you can configure. The first setting is optimize for consistency.
This is the default mode for DFS name spaces. When this mode is enabled , DFS servers will
pool the PDC emulator at regular intervals for name space changes.
The PDC emulator is covered in more detail in the active directory course. Back in the
windows N T days, all changes in the user database were performed on the primary domain
controller or PDC. With the introduction of windows Server 2000,
all domain controllers gained the ability to make changes. In some cases, some changes
must still be made on one server and replicated to other serves.
Changes to the DFS name space are made on one domain controller that has the role of
the PDC emulator. This ensures that multiple changes are not made in different places.
If you have a lot of DFS servers on your network this will create a lot of network traffic
and extra load on your PDC emulator. Microsoft recommend this mode when you have fewer than
16 names space servers. If you have a large network or your name space
changes a lot, you should select the option optimize for scalability. When this mode is
selected, your DFS server will poll their local domain controller for changes rather
than the PDC emulator. Your DFS servers will makes changes to the
DFS name space via the PDC emulator to ensure the name space is consistent. These changes
will not appear until active directory replicates. This means that when this mode is selected,
there may be a delay before your end users see any changes in the DFS name space. Microsoft
recommends this mode when you have more than 16 names space servers.
With DFS, you can also set the ordering mode used when clients do not have access to a
local file server. In the example before, the client when accessing the DFS server when
possible will be directed to a server in their local site.
If no file share is available in the local site, the client may be directly to a server
outside it’s local network. This can be done in a random order. You can also set server
selection based on the lowest network cost. When you set up sites you set can set up a
cost associated with the link. DFS will follow the links and add up the cost and use the
path with the lowest cost. With the previous example of a software share, you may not want
end users having access to a software share that is not in their local site.
For example you may create a local software share in every site, but if that server was
not available you don’t want them performing installs of large software programs over the
WAN. To prevent this from happening your can also
choose to exclude targets outside of the clients site. Selecting this option will mean if the
local server is not available, the client will need to wait until it comes back on line
before it will be able to access the file share.
This prevents the client accessing the data over the WAN link. Now that DFS has been installed,
let’s have a look at how to manage it using the DFS admin tool.
To administer DFS, first run the DFS management tools from administrative tools under the
start menu. In the name space section you can see the name space that I created when
I installed DFS. To create a new name space, select new name
space from the right hand side. From the wizard I will first need to enter in the name space
server that will hold the name space. On the next screen I need to enter in a share
folder for DFS to use. In this case I will enter in invoices. On this file server there
is all ready a share called invoices. If there was no file share set up, I could press the
edit settings button and set up the permissions for the share.
Once I press next I will get a message asking if I want to keep the existing permissions
or over write them. In this case I will keep the existing permissions.
On the next screen you can select where to store the name space. If you select stand
alone name space it will be hosted on this server and not stored in active directory.
This means that the server hosting the namespace must be up and running for the end users to
access the name space. If you want high availability for DFS with a standalone configuration, you
will need to install windows server 2008 on a failover cluster.
In order to access the namespace you will need to access it by the computer name as
shown here. If I select domain name namespace you will notice that this time you can access
DFS by the domain name rather than the computer name. This means the namespace can be accessed
as long a domain controller is available. You will also notice that the option for windows
server 2008 mode. Because I raised my domain function level to windows server 2008, this
option is now available. You can leave this option ticked if all the servers that are
using DFS are windows server 2008. This includes the file servers as well as
well as the domain controllers. If I now press next and then press the create button, the
DFS name space will now be created. If I exit the wizard you can see the name space has
been added. If I now select the namespace that I just created, you will notice on the
right hand side the path FS5 slash invoices. If I right-click on the namespace and select
open in Windows Explorer. Windows Explorer will open but there are no files in the directory.
In Windows Explorer, if I now browse to the C drive of my file server and open the directory
invoices, the folders containing my invoices will appear.
When you create a new DFS root like the one I did in this example, the previous shared
folder will be re mapped to a folder called DFS roots. In this directory contains a folder
called invoice that currently does not have any files in it. To fix this problem, all
I need to do is copy all the files from the invoices directory on the root directory into
the directory DFS roots. If I now close windows explorer and go back
to the admin tool. At the top you can see test dot local slash invoices. What essentially
is happening is that when this location, test dot local slash invoices is accessed, the
user is being redirected, silently and transparently to FS5. This presents us with a problem. If
FS5 is not available, your end-users will not be able to access these files.
The configuration data for the name space is stored in active directory, how ever the
root of the name space will direct to FS5. To provide high availability for this name
space, all I need to do is select the option add namespace and then enter in another server.
In this case FS3. Once I press ok, FS3 will be added meaning that end users will be directed
to one of the two servers listed when accessing the name space.
If one of the two servers is not available, the user will simply be directed to the other
server. If you decide that you want to store data in the root of the DFS name space, you
should consider setting up a replicate to keep the data the same.
To do this, right-click on replication and select new replication group. For the replication
group you can choose multipurpose replication group, which basically means that all data
will be replicated between all the different servers.
The second option, replication group for data collection, is used when you have a central
server collecting data that you need to replicate out to other servers. In most cases you will
want to choose the first option. On the next screen you can choose a name for the replication
group. In this case I am replicating the root of
the DFS namespace, so I will enter in DFS root replication. On the following screen
you need to enter in the servers that will be members of this replication group. In this
example, FS3 an DFS 5 contain the root of the DFS namespace. On the next screen you
need to set up your topology. The first option is hub and spoke which is currently grayed
out. If I had three or more members in this replication
group I could select the option hub and spoke. When you use a hub and spoke topology, multiple
servers are connected to the one server to replicate changes. The next option is full
mesh. This means all servers in the replication group are connected to all other servers in
the replication group. If you have a lot of members in your replication
group, this means a lot of connections. For example if you had 10 servers, each server
would have 9 connections, one to each server in the replication group. The last option
no topology. This option allows you to configure your own topology.
Since I only have two servers in this replication group I will accept the default option full
mesh. The next screen allows you to specify how much bandwidth you want to use with this
replication group. If I select the option replicate during the specified dates and times
I can now select the option edit schedule. The pull down menu at the top let you determine
if the schedule is based on the local time of a server or if you want to use U T C time.
If I select an area I can choose how much bandwidth I want to use during that time.
You can also limit bandwidth between certain hours. If I was the select the hours between
seven and six, I can reduce the bandwidth usage.
This means replication will still occur but the speed of replication will be reduced.
You can also make changes to just one day. For example if I wanted to limit replication
during the week days and limit replication during office hours. For this example, I will
leave replication on the default full bandwidth 24 hours a day.
On the next screen you need to select a primary member. This server will act an authoritative
during replication conflicts. You should select the server that has the most up-to-date data.
Once you have determined which server is the primary server, on the next screen you need
to determine the folder the data will come from.
In this case I will select the invoices directory under the DFS root. DFS will now replicate
this data to the other servers. On the next screen I need to set the path for the other
servers in this replication group. You will notice that when I select the path, there
is currently no data in the invoice directory. Once I set the path and move to the next screen
of the wizard, I can now press create and the replication group will be created. Once
DFS has created the replication group, I can press close to exit the wizard. When I press
close I get a warning telling me that replication may not occur immediately.
Replication depends on the schedule I set up. If I now go into replication, select the
replication group I just created and then select the tab connections. I can right-click
the connection and select the option replicate now. DFS will replicate the folders, however
if you have just created replication group it may take some time for the changes to propagate
through your network. I have paused the video for 10 minutes to
give the DFS name space time to configure itself on the network. If I now go back into
my namespace and open the shared folder on FS3, you will notice that it has replicated
from FS5. Any changes now will be replicated between
the two servers. If I now go back to DFS management, I can select the namespace test dot local
slash general that I created when I installed DFS. You will notice that this share appears
under root of the name space. Currently there is only one target.
To add another target, I can right click software and select add folder target. From here it
is a simple matter to browse to a server that contains a file share for software. Once I’ve
added the file share, I will be asked if I want to configure another replication group.
I will select no so I can show you how to do it manually.
To add replication, select the tab replication and then select the option replicate folder
wizard. The wizard is the same as the one we did previously. For this reason I will
cancel out rather than doing it again. If I now right-click the namespace and select
properties, there are a few options in here you may want to configure.
If I select the referrals tab, you can choose the ordering method. The ordering method only
comes into play when Windows cannot find a file share in the same site as the client.
Currently it is set to lowest cost. Each link in your network will have a cost associated
with it. Windows will add up these costs and choose the lowest one.
If I was to select random order, Windows will randomly select a target from the available
ones on the network. The last option, exclude targets outside of the clients site, will
stop the client accessing a file share that is not local to the client. If you have slow
links or large files you may want to select this option.
On the advanced tab, you have the option optimized for consistency. Microsoft recommends that
when you have less than 16 servers in your namespace to use this option. When a change
to the namespace is performed, the PDC emulator will be contacted. The next option, optimized
for scalability, Microsoft recommends to be used when you have more than 16 servers.
When selected, your DFS servers will contact a domain controller rather than the PDC emulator.
If your name space is set up for Windows server 2008 mode, you also have the option enable
access-based enumeration for this namespace. When selected, folders the client does not
have access to will not be displayed. This concludes all the basic configuration of DFS.
When looking at deploying DFS in your organization, remember that it supports multiple master
replication which includes deletes. You don’t necessary have to make every copy of the data
writable however. You could deploy read only copies in your organization and still use
DFS replication system. Remember the two DFS options. Optimize for
consistency will keep your name space update to date faster, but will put more load on
your PDC emulator. Optimize for scalability is a better choice for large DFS name spaces,
however updates to the DFS name space will not appear as quickly.
If you want to use the windows server 2008 features, like larger DFS name spaces and
access based enumeration, all your DFS name space servers must be running windows server
2008. Your domain function level must be set to windows Server 2008 or higher and finally
your forest level must be windows server 2003 or higher.
When used correctly, DFS makes access data a lot easier for your end users and a lot
more transparent.